CVE-2019-25263 in Zendesk App SweetHawk Survey

Summary

by MITRE • 02/03/2026

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.


Analysis

by VulDB Data Team • 02/03/2026

CVE-2019-25263 is a critical persistent (stored) cross-site scripting flaw in Zendesk SweetHawk Survey version 1.6 that undermines the integrity of the customer support system it runs in. It lets an attacker inject client-side script into support ticket submissions; because the injected content is stored, a single submission can affect many users of the survey environment. The payload executes automatically whenever a survey page containing the tainted ticket text is rendered, with no user interaction required beyond the attacker's initial submission.

Technically, the flaw stems from inadequate input validation and missing output encoding in the survey application's handling of user-submitted ticket data. When administrators or end users view a survey page that contains a maliciously crafted ticket, the application does not escape or filter the characters that a browser interprets as markup or script. As a result, script tags, event handlers or other active content embedded in a ticket are stored in the database and execute in the browser context of any user who opens the affected survey pages. The vulnerability sits at the application layer and is reachable through ordinary web requests.

The operational impact of this vulnerability extends beyond simple data integrity concerns, as it provides attackers with potential access to sensitive user information and system resources. When malicious scripts execute within user browsers, attackers can perform actions such as stealing session cookies, redirecting users to phishing sites, or extracting confidential information from survey responses. The persistent nature of the vulnerability means that once an attacker successfully injects malicious code, it will continue to execute whenever affected survey pages are accessed, potentially affecting numerous users over extended periods. This creates a significant risk for organizations relying on Zendesk for customer support operations, as the attack surface includes all users who interact with survey data.

Affected organizations should mitigate immediately with input validation and output encoding: sanitize user-submitted content before storage and HTML-escape survey data for the context in which it is rendered. Security teams should also consider a Content Security Policy that restricts where scripts may execute from within the survey environment. Defensively, the issue maps to CWE-79 (cross-site scripting) and to the web application attack patterns documented in the MITRE ATT&CK framework. Organizations should review their Zendesk deployments and keep patch management current so that similar flaws do not persist in their support infrastructure.
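The output-encoding mitigation described above, as an added illustration that is not code from SweetHawk, Zendesk or VulDB: a rendering helper that HTML-escapes ticket fields before they are placed in a survey page, shown beside the unescaped concatenation the advisory describes, plus a check a test suite can run against either renderer. Function names, the ticket fields and the sample ticket are assumptions.

```javascript
// Added example, not SweetHawk/Zendesk/VulDB code. Field names and the
// sample ticket below are constructed for illustration.

// Characters that must never reach HTML text or a quoted attribute
// unencoded; encoding all five covers both contexts.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text for insertion into element content or a quoted
// attribute value. Non-string input is stringified first.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The defect the advisory describes: ticket text is concatenated straight
// into the survey page, so markup typed by the ticket author becomes live HTML.
function renderSurveyRowUnsafe(ticket) {
  return `<li data-ticket="${ticket.id}">${ticket.subject}: ${ticket.body}</li>`;
}

// Hardened rendering: every untrusted field is encoded before it lands in the
// template, whether in an attribute (id) or in text (subject, body).
function renderSurveyRow(ticket) {
  return `<li data-ticket="${escapeHtml(ticket.id)}">` +
    `${escapeHtml(ticket.subject)}: ${escapeHtml(ticket.body)}</li>`;
}

// Review-gate check: strip the template's own wrapper and confirm nothing
// from the ticket survives as a raw angle bracket.
function rendersWithoutRawTags(renderFn, ticket) {
  const inner = renderFn(ticket)
    .replace(/^<li data-ticket="[^"]*">/, "")
    .replace(/<\/li>$/, "");
  return !/[<>]/.test(inner);
}

// Constructed ticket carrying the kind of script tag the advisory mentions
// (an inert marker, not a working payload).
const SAMPLE_TICKET = {
  id: 4711,
  subject: "Login issue",
  body: "<script>/* injected by ticket author */</script> cannot sign in",
};
```

A Content Security Policy limits what a missed escape can do in the browser, but it does not replace encoding at the point of rendering.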

Responsible

VulnCheck

Reservation

01/06/2026

Disclosure

02/03/2026

Moderation

accepted

CPE

ready

EPSS

0.00055

KEV

no

Activities

very low

Sector

Education
